A South Korean cybersecurity expert said Tuesday there is more circumstantial evidence that North Korea may be behind the global "ransomware" attack: the way the hackers took computers and servers across the world hostage was similar to previous cyberattacks attributed to North Korea.
Researchers have said that some of the code used in Friday's ransomware, known as WannaCry, was almost identical to the code used by the Lazarus Group, a group of North Korean hackers who used a similar version for the devastating hack of Sony Pictures Entertainment in 2014 and last year's hack of Bangladesh's central bank.
Mehta said it appears the hacking group Lazarus, which is believed to have a connection with the North, is behind the latest malware attacks.
Mehta has found similarities between code found within WannaCry and other tools believed to have been created by the Lazarus Group in the past, BBC reported.
"Neel Mehta's discovery is the most significant clue to date regarding the origins of WannaCrypt", the report quoted Moscow-based cyber security firm Kaspersky Lab as saying.
Specifically, no U.S. federal systems are affected, he said.
Kaspersky Lab researcher Kurt Baumgartner said that this is the best clue they have seen to date as to the roots of WannaCry. "As researchers, we prefer to provide facts rather than speculations", they wrote.
Nevertheless, governments across the world are investigating who was behind Friday's ransomware attack. Dubbed WannaCry, it exploits a vulnerability in the Windows operating system that was first discovered by the National Security Agency (NSA) and was later leaked to the public by the hacker group the Shadow Brokers last month, prompting Windows to close the loophole and issue an update.
He cited a major attack a year ago that stole the data of over 10 million users of Interpark, a Seoul-based online shopping site, in which hackers demanded bitcoin payments worth about $3 million. It also installs a countdown timer on the victim's wallpaper, demanding that the victim pay the ransom if they do not want private files deleted. The Russian Federation, too, was badly affected, the report said.
On an online messenger system, Choi told AFP, "He said he and his colleagues were running tests for ransomware attacks".